Posted to users@spamassassin.apache.org by Niamh Holding <ni...@fullbore.co.uk> on 2012/10/30 18:47:12 UTC

HK_LOTTO hitting ham from the UK national lottery



http://pastebin.com/download.php?i=CmE661yf

-- 
Best regards,
 Niamh                          mailto:niamh@fullbore.co.uk

Re: HK_LOTTO hitting ham from the UK national lottery

Posted by Niamh Holding <ni...@fullbore.co.uk>.
Hello John,

Tuesday, October 30, 2012, 6:37:11 PM, you wrote:

JH> score HK_LOTTO_NAME   0.998 0.998 0.998 0.998

Further-

[root@mail updates_spamassassin_org]# grep HK_LOTTO *
50_scores.cf:score HK_LOTTO 3.599 2.755 2.993 3.599

-- 
Best regards,
 Niamh                            mailto:niamh@fullbore.co.uk

Re: HK_LOTTO hitting ham from the UK national lottery

Posted by Niamh Holding <ni...@fullbore.co.uk>.
Hello John,

Tuesday, October 30, 2012, 7:13:05 PM, you wrote:

JH> Frack. grepped without looking closely enough. Sorry!

Even more fun is that this thread hits HK_LOTTO as well!

-- 
Best regards,
 Niamh                            mailto:niamh@fullbore.co.uk

Re: HK_LOTTO hitting ham from the UK national lottery

Posted by John Hardin <jh...@impsec.org>.
On Tue, 30 Oct 2012, Niamh Holding wrote:

> Hello John,
>
> Tuesday, October 30, 2012, 6:37:11 PM, you wrote:
>
> JH> score HK_LOTTO_NAME   0.998 0.998 0.998 0.998
>
> That is not the test I named-
>
> *  3.6 HK_LOTTO HK_LOTTO

Frack. grepped without looking closely enough. Sorry!

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   ...the Fates notice those who buy chainsaws...
                                               -- www.darwinawards.com
-----------------------------------------------------------------------
  Tomorrow: Halloween

Re: HK_LOTTO hitting ham from the UK national lottery

Posted by Niamh Holding <ni...@fullbore.co.uk>.
Hello Alexandre,

Wednesday, October 31, 2012, 12:04:49 PM, you wrote:

AB> Well as far as I know, if your SA instance restarts after sa-update, it
AB> should find the most recent and up to date ruleset.

sa-update -D --gpgkey 6C6191E3 --channel sought.rules.yerp.org --channel updates.spamassassin.org && /sbin/service spamassassin restart

-- 
Best regards,
 Niamh                            mailto:niamh@fullbore.co.uk

Re: HK_LOTTO hitting ham from the UK national lottery

Posted by Alexandre Boyer <bi...@gmail.com>.
Hello,

Well as far as I know, if your SA instance restarts after sa-update, it
should find the most recent and up to date ruleset.

Did you restart your instance? If you use amavis, restart it as well.

You may want to remove the ancient (theoretically unused) rulesets in
/var/lib/spamassassin in order to keep the most up to date one.

If this does not work, review your configuration. I don't know, maybe
/var/lib/spamassassin/3.003001 is hardcoded somewhere?

Alex, from prypiat.
Yes, I recycle.


On 12-10-31 03:16 AM, Niamh Holding wrote:
> Hello Niamh,
>
> Tuesday, October 30, 2012, 7:18:23 PM, you wrote:
>
> NH> However it seems spamassassin is using this rule from the older
> NH> /var/lib/spamassassin/3.003001
>
> No, it's there in 3.32 as well... I was grepping in the wrong place!
>


Re: HK_LOTTO hitting ham from the UK national lottery

Posted by Niamh Holding <ni...@fullbore.co.uk>.
Hello Niamh,

Tuesday, October 30, 2012, 7:18:23 PM, you wrote:

NH> However it seems spamassassin is using this rule from the older
NH> /var/lib/spamassassin/3.003001

No, it's there in 3.32 as well... I was grepping in the wrong place!

-- 
Best regards,
 Niamh                            mailto:niamh@fullbore.co.uk

Re: HK_LOTTO hitting ham from the UK national lottery

Posted by Niamh Holding <ni...@fullbore.co.uk>.
Hello Alexandre,

Tuesday, October 30, 2012, 7:04:12 PM, you wrote:

AB> This tends to prove that you do not sa-update your installation.

Every day at 4am

However it seems spamassassin is using this rule from the older
/var/lib/spamassassin/3.003001

-- 
Best regards,
 Niamh                            mailto:niamh@fullbore.co.uk

Re: HK_LOTTO hitting ham from the UK national lottery

Posted by Alexandre Boyer <bi...@gmail.com>.
This tends to prove that you do not sa-update your installation.

$ grep -r HK_LOTTO /usr/share/spamassassin/
/usr/share/spamassassin/50_scores.cf:score HK_LOTTO 3.599 2.755 2.993 3.599

You may either use sa-update (score is lowered to 1) or override the
score in your personal ruleset.


Alex, from prypiat.
Yes, I recycle.


On 12-10-30 02:46 PM, Niamh Holding wrote:
> Hello John,
>
> Tuesday, October 30, 2012, 6:37:11 PM, you wrote:
>
> JH> score HK_LOTTO_NAME   0.998 0.998 0.998 0.998
>
> That is not the test I named-
>
> *  3.6 HK_LOTTO HK_LOTTO
>


Re: HK_LOTTO hitting ham from the UK national lottery

Posted by Niamh Holding <ni...@fullbore.co.uk>.
Hello John,

Tuesday, October 30, 2012, 6:37:11 PM, you wrote:

JH> score HK_LOTTO_NAME   0.998 0.998 0.998 0.998

That is not the test I named-

*  3.6 HK_LOTTO HK_LOTTO

-- 
Best regards,
 Niamh                            mailto:niamh@fullbore.co.uk

Re: HK_LOTTO hitting ham from the UK national lottery

Posted by John Hardin <jh...@impsec.org>.
On Tue, 30 Oct 2012, Niamh Holding wrote:

> http://pastebin.com/download.php?i=CmE661yf

Run sa-update and review your local scoring. Your system scored 3.6 points 
for HK_LOTTO alone, but the last published score was:

     score HK_LOTTO_NAME   0.998 0.998 0.998 0.998

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   ...the Fates notice those who buy chainsaws...
                                               -- www.darwinawards.com
-----------------------------------------------------------------------
  Tomorrow: Halloween

Re: HK_LOTTO hitting ham from the UK national lottery

Posted by Niamh Holding <ni...@fullbore.co.uk>.
Hello Kevin,

Friday, November 2, 2012, 3:04:32 PM, you wrote:

KAM> How large is the file compressed?  Can you just email it to me off-list?

About 160kB, so if you want I can email it.

-- 
Best regards,
 Niamh                            mailto:niamh@fullbore.co.uk

Re: HK_LOTTO hitting ham from the UK national lottery

Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 11/2/2012 9:29 AM, Niamh Holding wrote:
> Hello Martin,
>
> Friday, November 2, 2012, 1:16:45 PM, you wrote:
>
> MG> It won't - AFAIK rsync is only installed by default on Unix/Linux.
> MG> However, you can download a version for Windows. It says it runs on W7.
>
> MG> https://www.itefix.no/i2/cwrsync
>
> Seems a bit of a bind to submit one mbox file.
>
> Is there a possibility of using ftp?
>
How large is the file compressed?  Can you just email it to me off-list?

Re: HK_LOTTO hitting ham from the UK national lottery

Posted by Niamh Holding <ni...@fullbore.co.uk>.
Hello Martin,

Friday, November 2, 2012, 1:16:45 PM, you wrote:

MG> It won't - AFAIK rsync is only installed by default on Unix/Linux.
MG> However, you can download a version for Windows. It says it runs on W7.

MG> https://www.itefix.no/i2/cwrsync

Seems a bit of a bind to submit one mbox file.

Is there a possibility of using ftp?

-- 
Best regards,
 Niamh                            mailto:niamh@fullbore.co.uk

Re: HK_LOTTO hitting ham from the UK national lottery

Posted by Martin Gregorie <ma...@gregorie.org>.
On Fri, 2012-11-02 at 10:29 +0000, Niamh Holding wrote:
> However this is on a W7 client machine that doesn't have
> rsync as far as I can tell.
> 
It won't - AFAIK rsync is only installed by default on Unix/Linux.
However, you can download a version for Windows. It says it runs on W7.

https://www.itefix.no/i2/cwrsync


Martin



Re: HK_LOTTO hitting ham from the UK national lottery

Posted by Niamh Holding <ni...@fullbore.co.uk>.
Hello Darxus,

Wednesday, October 31, 2012, 5:51:30 PM, you wrote:

dcc> At the bottom of that page is an "UploadedCorpora" link which you can use
dcc> to upload the emails themselves without even needing to run masscheck
dcc> yourself.

OK I've exported 294 UK National Lottery hams that have hit HK_LOTTO
to a mbox. However this is on a W7 client machine that doesn't have
rsync as far as I can tell.

-- 
Best regards,
 Niamh                            mailto:niamh@fullbore.co.uk

Re: HK_LOTTO hitting ham from the UK national lottery

Posted by da...@chaosreigns.com.
On 10/31, Niamh Holding wrote:
> A> if you provide a few dozen samples of these hammy msgs, they can be
> A> included in the SA ham corpus
> 
> That can be supplied, an mbox of a good supply do?
> 
> A> you can directly contribute to rescoring by running a masscheck instance
> A> as per:
> A> http://wiki.apache.org/spamassassin/NightlyMassCheck
> 
> Currently not so easy as-
> 
> a) all high scoring spam is dumped by procmail
> 
> b) I'd need to get back from all the users details of misclassified
> messages so they could be moved to the correct corpora.

You could just provide "a few dozen samples of these hammy msgs" via
masscheck.  The more you can provide, and the more representative it is,
the better.

Not including high scoring spam isn't a big problem.  Things spamassassin
gets wrong are most useful.

The automated score generation used for the sa-updates comes from email
from about fourteen people, so anything you can provide would probably
be beneficial.

At the bottom of that page is an "UploadedCorpora" link which you can use
to upload the emails themselves without even needing to run masscheck
yourself.

-- 
"You only truly own what you can carry at a dead run."
- 14th & 15th century Landsknechts
http://www.ChaosReigns.com

Re: HK_LOTTO hitting ham from the UK national lottery

Posted by Niamh Holding <ni...@fullbore.co.uk>.
Hello Axb,

Wednesday, October 31, 2012, 3:21:27 PM, you wrote:

A> if you provide a few dozen samples of these hammy msgs, they can be
A> included in the SA ham corpus

That can be supplied, an mbox of a good supply do?

A> you can directly contribute to rescoring by running a masscheck instance
A> as per:
A> http://wiki.apache.org/spamassassin/NightlyMassCheck

Currently not so easy as-

a) all high scoring spam is dumped by procmail

b) I'd need to get back from all the users details of misclassified
messages so they could be moved to the correct corpora.

-- 
Best regards,
 Niamh                            mailto:niamh@fullbore.co.uk

Re: HK_LOTTO hitting ham from the UK national lottery

Posted by da...@chaosreigns.com.
On 11/01, Niamh Holding wrote:
> 
> Hello Darxus,
> 
> Wednesday, October 31, 2012, 10:34:42 PM, you wrote:
> 
> dcc> They're talking about automated score generation.  Currently, apparently,
> dcc> the scores for this rule are fixed, and not included in the calculation of
> dcc> ideal scores.
> 
> So currently submitting the ham to the corpus won't actually help
> change anything?

Yes.  But two of the developers have agreed that's worth changing, so it
could happen today....

And that could change the scores in either direction.

-- 
"If you believe everything you read, better not read." - Japanese Proverb
http://www.ChaosReigns.com

Re: HK_LOTTO hitting ham from the UK national lottery

Posted by Niamh Holding <ni...@fullbore.co.uk>.
Hello Darxus,

Wednesday, October 31, 2012, 10:34:42 PM, you wrote:

dcc> They're talking about automated score generation.  Currently, apparently,
dcc> the scores for this rule are fixed, and not included in the calculation of
dcc> ideal scores.

So currently submitting the ham to the corpus won't actually help
change anything?

-- 
Best regards,
 Niamh                            mailto:niamh@fullbore.co.uk

Re: HK_LOTTO hitting ham from the UK national lottery

Posted by da...@chaosreigns.com.
On 10/31, jdow wrote:
> On 2012/10/31 14:05, John Hardin wrote:
> >On Wed, 31 Oct 2012, Kevin A. McGrail wrote:
> >
> >>> Shouldn't it be set via GA in 72_scores.cf ?
> >>
> >>Doesn't sound like a bad idea to comment it in 50_scores.cf and let it float.
> >
> >+1. That's what threw me when I did my quickie analysis early on.
> 
> ReeeeaaallY? Would it not be better to put in a line like this?
> score HK_LOTTO 0
> 
> 50_scores.cf would be continually getting overwritten by updates, would
> it not?

They're talking about automated score generation.  Currently, apparently,
the scores for this rule are fixed, and not included in the calculation of
ideal scores.  They're talking about including it in the calculation of
ideal scores.  Which you download the results of from sa-update.

They're not talking about local score modification.

-- 
"Eh, wisdom's overrated. I prefer beatings and snacks."
- Unity, Skin Horse
http://www.ChaosReigns.com

Re: HK_LOTTO hitting ham from the UK national lottery

Posted by jdow <jd...@earthlink.net>.
On 2012/10/31 14:05, John Hardin wrote:
> On Wed, 31 Oct 2012, Kevin A. McGrail wrote:
>
>>>  Shouldn't it be set via GA in 72_scores.cf ?
>>
>> Doesn't sound like a bad idea to comment it in 50_scores.cf and let it float.
>
> +1. That's what threw me when I did my quickie analysis early on.

ReeeeaaallY? Would it not be better to put in a line like this?
score HK_LOTTO 0

50_scores.cf would be continually getting overwritten by updates, would
it not?

{^_^}

Re: HK_LOTTO hitting ham from the UK national lottery

Posted by John Hardin <jh...@impsec.org>.
On Wed, 31 Oct 2012, Kevin A. McGrail wrote:

>>  Shouldn't it be set via GA in 72_scores.cf ?
>
> Doesn't sound like a bad idea to comment it in 50_scores.cf and let it float.

+1. That's what threw me when I did my quickie analysis early on.

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   ...the Fates notice those who buy chainsaws...
                                               -- www.darwinawards.com
-----------------------------------------------------------------------
  Today: Halloween

Re: HK_LOTTO hitting ham from the UK national lottery

Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
> wondering....
>
> score HK_LOTTO 3.599 2.755 2.993 3.599
> should this score be hardwired in 50_scores.cf ?
>
> Shouldn't it be set via GA in 72_scores.cf ?
Doesn't sound like a bad idea to comment it in 50_scores.cf and let it 
float.

regards,
KAM

Re: HK_LOTTO hitting ham from the UK national lottery

Posted by Axb <ax...@gmail.com>.
On 10/31/2012 06:11 PM, Kevin A. McGrail wrote:
> On 10/31/2012 12:07 PM, Niamh Holding wrote:
>> Wednesday, October 31, 2012, 3:56:32 PM, you wrote:
>>
>> KAM> However, it seems that your configuration is using rules outside the
>> KAM> project (which I author) and that has no bearing on SA.
>>
>> The rule under discussion is HK_LOTTO which is defined in
>> 72_active.cf which I'm sure is part of the project.
>>
>> Why are you claiming that it has no bearing on SA?
> My apologies.  I'm mixing up people.  One person responded mixing
> KAM_LOTTO and HK_LOTTO.
>> KAM> Additionally, it appears your configuration is scoring the rules
>> higher
>> KAM> than it should at this time.
>>
>> Looks like HK_LOTTO is scoring exactly what 50_scores.cf says it
>> should be.
>>
> Then we need to get your ham involved in the corpus for masscheck!
>
> regards,
> KAM

wondering....

score HK_LOTTO 3.599 2.755 2.993 3.599
should this score be hardwired in 50_scores.cf ?

Shouldn't it be set via GA in 72_scores.cf ?


Re: HK_LOTTO hitting ham from the UK national lottery

Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 10/31/2012 12:07 PM, Niamh Holding wrote:
> Wednesday, October 31, 2012, 3:56:32 PM, you wrote:
>
> KAM> However, it seems that your configuration is using rules outside the
> KAM> project (which I author) and that has no bearing on SA.
>
> The rule under discussion is HK_LOTTO which is defined in
> 72_active.cf which I'm sure is part of the project.
>
> Why are you claiming that it has no bearing on SA?
My apologies.  I'm mixing up people.  One person responded mixing 
KAM_LOTTO and HK_LOTTO.
> KAM> Additionally, it appears your configuration is scoring the rules higher
> KAM> than it should at this time.
>
> Looks like HK_LOTTO is scoring exactly what 50_scores.cf says it
> should be.
>
Then we need to get your ham involved in the corpus for masscheck!

regards,
KAM

Re: HK_LOTTO hitting ham from the UK national lottery

Posted by Niamh Holding <ni...@fullbore.co.uk>.
Hello Kevin,

Wednesday, October 31, 2012, 3:56:32 PM, you wrote:

KAM> However, it seems that your configuration is using rules outside the
KAM> project (which I author) and that has no bearing on SA.

The rule under discussion is HK_LOTTO which is defined in
72_active.cf which I'm sure is part of the project.

Why are you claiming that it has no bearing on SA?

But just to avoid confusion which of these are not part of SA?

        * -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low
        *      trust
        *      [85.115.56.190 listed in list.dnswl.org]
        *  0.0 HK_LOTTO_SUBJECT HK_LOTTO_SUBJECT
        * -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
        *  1.2 HTML_TAG_BALANCE_BODY BODY: HTML has unbalanced "body" tags
        *  0.0 HTML_MESSAGE BODY: HTML included in message
        *  0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
        *      [score: 0.5000]
        *  1.7 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding
        * -2.1 AWL AWL: From: address is in the auto white-list
        *  3.6 HK_LOTTO HK_LOTTO

KAM> Additionally, it appears your configuration is scoring the rules higher
KAM> than it should at this time.

Pardon!

[root@mail spamassassin]# cd 3.003002
[root@mail 3.003002]# cd updates_spamassassin_org
[root@mail updates_spamassassin_org]# grep HK_LOTTO *
50_scores.cf:score HK_LOTTO 3.599 2.755 2.993 3.599

Looks like HK_LOTTO is scoring exactly what 50_scores.cf says it
should be.

-- 
Best regards,
 Niamh                            mailto:niamh@fullbore.co.uk
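
The HK_LOTTO / HK_LOTTO_NAME mix-up earlier in this thread came from a substring grep. As an added example (not code from any poster or from the SpamAssassin project), the shell functions below match the rule name exactly, pick the score-set column in use, and report which file's definition wins. The file names and the local.cf override are constructed, and files are assumed to be passed in load order.

```shell
#!/bin/sh
# Added example (not from the thread): exact-name lookup of SpamAssassin
# "score" lines, so HK_LOTTO is never confused with HK_LOTTO_NAME.

# score_set BAYES NET -> index of the score column in use (each arg 0 or 1):
# 0 = no Bayes/no network, 1 = network only, 2 = Bayes only, 3 = both.
score_set() { echo $(( 2 * $1 + $2 )); }

# list_scores RULE FILE... -> "file<TAB>s0 s1 s2 s3" per active definition.
list_scores() {
    _rule=$1; shift
    awk -v rule="$_rule" '
        { sub(/#.*/, "") }                 # drop comments, incl. commented-out scores
        $1 == "score" && $2 == rule {      # exact rule-name match, not a substring
            if (NF == 6)      out = $3 " " $4 " " $5 " " $6
            else if (NF == 3) out = $3 " " $3 " " $3 " " $3   # one value: all sets
            else next                      # other shapes are not handled here
            printf "%s\t%s\n", FILENAME, out
        }' "$@"
}

# effective_score RULE SET FILE... -> "score file". Files are given in load
# order and the last definition wins.
effective_score() {
    _rule=$1; _set=$2; shift 2
    list_scores "$_rule" "$@" | awk -F'\t' -v n="$_set" '
        { split($2, s, " "); val = s[n + 1]; src = $1 }
        END { if (src != "") print val, src }'
}

# make_sample DIR: constructed rule files. The two score lines in the first
# two files are the ones quoted in the thread; the file names and the
# local.cf content are made up for this example.
make_sample() {
    printf 'score HK_LOTTO 3.599 2.755 2.993 3.599\n' > "$1/10_sample_scores.cf"
    printf 'score HK_LOTTO_NAME   0.998 0.998 0.998 0.998\n' > "$1/20_sample_scores.cf"
    printf '# score HK_LOTTO 0\nscore HK_LOTTO 1.0   # local override\n' > "$1/local.cf"
}

demo() {
    d=$(mktemp -d) && make_sample "$d"
    echo "substring grep matches: $(cat "$d"/*_sample_scores.cf | grep -c HK_LOTTO)"
    echo "exact definitions:"; list_scores HK_LOTTO "$d"/*_sample_scores.cf
    # The report above shows BAYES_50 and an RBL hit: Bayes and network both on.
    echo "shipped:  $(effective_score HK_LOTTO "$(score_set 1 1)" "$d"/*_sample_scores.cf)"
    echo "w/ local: $(effective_score HK_LOTTO "$(score_set 1 1)" "$d"/*_sample_scores.cf "$d/local.cf")"
    rm -rf "$d"
}
demo
```

On a real system the FILE arguments would be the .cf files of the active update directory followed by the site configuration, in that order.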

Re: HK_LOTTO hitting ham from the UK national lottery

Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 10/31/2012 11:50 AM, Niamh Holding wrote:
> Again doesn't solve the problem of these rules hitting ham, the proper
> solution is for the rules to be amended.
In general, there are rules that CAN'T help hitting some ham which is 
why a rule is used in a scoring framework to determine the overall score.

However, it seems that your configuration is using rules outside the 
project (which I author) and that has no bearing on SA.

Additionally, it appears your configuration is scoring the rules higher 
than it should at this time.

So most likely, AXB is correct and the proper solution is to amend the 
scores as the rules continue to be prevalent in Spam.

Regards,
KAM

Re: HK_LOTTO hitting ham from the UK national lottery

Posted by Niamh Holding <ni...@fullbore.co.uk>.
Hello Axb,

Wednesday, October 31, 2012, 3:21:27 PM, you wrote:

A> maybe you just lower the score for your setup.

Which doesn't stop these rules hitting ham.

A> and rethink
A>
A> required=4.5

That's only 0.5 under the default threshold.

A> if you provide a few dozen samples of these hammy msgs, they can be
A> included in the SA ham corpus
A> or:
A> you can directly contribute to rescoring by running a masscheck instance
A> as per:
A> http://wiki.apache.org/spamassassin/NightlyMassCheck

Again doesn't solve the problem of these rules hitting ham, the proper
solution is for the rules to be amended.

-- 
Best regards,
 Niamh                            mailto:niamh@fullbore.co.uk

Re: HK_LOTTO hitting ham from the UK national lottery

Posted by Ned Slider <ne...@unixmail.co.uk>.
On 31/10/12 15:21, Axb wrote:
> On 10/31/2012 04:13 PM, Niamh Holding wrote:
>>
>> Hello Andy,
>>
>> Wednesday, October 31, 2012, 2:22:10 PM, you wrote:
>>
>> AJ> Your message scored a 7.1 on my system.
>>
>> Not a good score for ham :)
>>
>> AJ> 0.5 KAM_LOTTO1 Likely to be an e-Lotto Scam Email
>>
>> But it isn't... maybe 2 rules need amending so they don't hit genuine
>> UK national lottery ham.
>>
>
> or maybe you just lower the score for your setup.
>
> and rethink
>
> required=4.5
>
> or:
> if you provide a few dozen samples of these hammy msgs, they can be
> included in the SA ham corpus
> or:
> you can directly contribute to rescoring by running a masscheck instance
> as per:
> http://wiki.apache.org/spamassassin/NightlyMassCheck
>

I'll just add that I can also confirm HK_LOTTO and HK_LOTTO_NAME 
(currently scoring 3.599 and 0.998) regularly hit UK National Lottery 
emails as well as UK Health Lottery emails.

I previously contacted Emailvision who is the ESP for the UK Health 
Lottery to advise them their emails were scoring very heavily in SA and 
recommend they maybe pre-screen outgoing emails with SA before sending 
(they were being flagged as spam at default scores).

I've been working around the high scoring HK_LOTTO rules by whitelisting 
with SPF. Here is what I have for the UK Health Lottery:

whitelist_from_spf	*@healthlottery.co.uk
whitelist_from_spf	*@*.healthlottery.co.uk
whitelist_from_spf	*@health-lot.cccampaigns.com

I haven't seen high/abusive levels of mail from these domains so 
consider whitelisting safe practice.


Re: HK_LOTTO hitting ham from the UK national lottery

Posted by Axb <ax...@gmail.com>.
On 10/31/2012 04:13 PM, Niamh Holding wrote:
>
> Hello Andy,
>
> Wednesday, October 31, 2012, 2:22:10 PM, you wrote:
>
> AJ> Your message scored a 7.1 on my system.
>
> Not a good score for ham :)
>
> AJ> 0.5 KAM_LOTTO1 Likely to be an e-Lotto Scam Email
>
> But it isn't... maybe 2 rules need amending so they don't hit genuine
> UK national lottery ham.
>

or maybe you just lower the score for your setup.

and rethink

required=4.5

or:
if you provide a few dozen samples of these hammy msgs, they can be
included in the SA ham corpus
or:
you can directly contribute to rescoring by running a masscheck instance 
as per:
http://wiki.apache.org/spamassassin/NightlyMassCheck

Re: HK_LOTTO hitting ham from the UK national lottery

Posted by Niamh Holding <ni...@fullbore.co.uk>.
Hello John,

Wednesday, October 31, 2012, 4:11:13 PM, you wrote:

JH> Unfortunately there doesn't appear to be a really reliable way to do that.

Last external rdns =~ /mailcontrol\.com/

Unless we think that the UK lottery's mail provider will also be
sending lottery spam?

-- 
Best regards,
 Niamh                            mailto:niamh@fullbore.co.uk

Re: HK_LOTTO hitting ham from the UK national lottery

Posted by John Hardin <jh...@impsec.org>.
On Wed, 31 Oct 2012, Niamh Holding wrote:

> But it isn't... maybe 2 rules need amending so they don't hit genuine
> UK national lottery ham.

Unfortunately there doesn't appear to be a really reliable way to do that. 
There was neither valid SPF nor valid DKIM on that message that would 
allow the lottery domain in the from or received headers to be trusted.

I suppose the rules could look for the UK lottery domain in the external 
received list and not fire, or reduce the score, but that's trivially 
subject to forgery.

-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin@impsec.org    FALaholic #11174     pgpk -a jhardin@impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   ...the Fates notice those who buy chainsaws...
                                               -- www.darwinawards.com
-----------------------------------------------------------------------
  Today: Halloween

Re: HK_LOTTO hitting ham from the UK national lottery

Posted by Niamh Holding <ni...@fullbore.co.uk>.
Hello Andy,

Wednesday, October 31, 2012, 2:22:10 PM, you wrote:

AJ> Your message scored a 7.1 on my system.

Not a good score for ham :)

AJ> 0.5 KAM_LOTTO1 Likely to be an e-Lotto Scam Email

But it isn't... maybe 2 rules need amending so they don't hit genuine
UK national lottery ham.

-- 
Best regards,
 Niamh                            mailto:niamh@fullbore.co.uk

Re: HK_LOTTO hitting ham from the UK national lottery

Posted by Andy Jezierski <AJ...@stepan.com>.
Niamh Holding <ni...@fullbore.co.uk> wrote on 10/30/2012 12:47:12 PM:

> From: Niamh Holding <ni...@fullbore.co.uk>
> To: users@spamassassin.apache.org, 
> Date: 10/30/2012 12:47 PM
> Subject: HK_LOTTO hitting ham from the UK national lottery
> 
> 
> 
> 
> http://pastebin.com/download.php?i=CmE661yf
> 
> -- 
> Best regards,
>  Niamh                          mailto:niamh@fullbore.co.uk
> [attachment "attyxplb.dat" deleted by Andy Jezierski/Stepan/US] 

Your message scored a 7.1 on my system. All the same rules hit except I 
don't use AWL which subtracted 2.1 on your system. I also use the KAM 
ruleset which added another half point.

0.5 KAM_LOTTO1 Likely to be an e-Lotto Scam Email

Andy